Security bypass in HP Network Automation - CVE-2017-5814
Published: May 10, 2017
Vulnerability identifier: #VU6507
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-5814
CWE-ID: CWE-592
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Hewlett Packard Enterprise Development LP
Affected software:
HP Network Automation
HP Network Automation
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists due to an unspecified condition that exists within the affected software. A remote attacker can bypass authentication and gain elevated privileges on the targeted system to conduct further attacks.
Successful exploitation of the vulnerability may result in privilege escalation on the application.
The weakness exists due to an unspecified condition that exists within the affected software. A remote attacker can bypass authentication and gain elevated privileges on the targeted system to conduct further attacks.
Successful exploitation of the vulnerability may result in privilege escalation on the application.
How to mitigate CVE-2017-5814
Update to version 10.00.022, 10.11.03 or 10.21.01.